As I'm sure everyone is aware, the #1 (if not #1, close to it) thing is to secure any SSH server as best you can before it goes on the Internet, because most distributions' default config leaves them in the equivalent of something like a locked storm door approach. (Wiggle the knob enough and it might just pop open.)

1. If possible disallow password authentication, use a secure shared key. Preferably transferring just the public key from the SSH box to your desktop(s), preferably by thumbdrive or similar.
2. I always disallow direct SSH root login. (I'm pretty sure this also means "they" have to guess a username, provided something doesn't do an end-run, e.g. buffer overflow, to allow access.)
3. A bit of belt-and-suspenders approach, but if you already have a VPN to allow access to your network, you can run SSH over the VPN. This can drastically cut the number of IP addresses you must allow to connect to SSH. Connections from a different IP range can simply be dropped.
4. Apply security updates regularly.

From a quick glance #1 would eliminate this particular botnet attack from adding your machine to their network(s). I go further, but I know I'm paranoid. :) I have enough to do without a security admin breathing down my neck and/or having to rebuild boxes cause I didn't do what I should. I do all that is possible to stop a breach before it happens, even if that means a bit of inconvenience on my part.

(Others on the listserv I'm sure are infinitely more qualified than I am in this arena. Just some quick thoughts to prevent it before it happens.)

Paul

On Thu, Oct 1, 2015 at 8:16 AM, Prasoon Sharma <[email protected]> wrote:
> Try looking into /etc/pki/tls/openssl.cnf file. Might be you made some
> changes or you mistyped something into it. I faced similar issues today
> and found I mistakenly typed something into that file. I removed it and
> restarted sshd, my ftps and ssh again started working fine.
>
> On Monday, January 30, 2012 at 10:50:08 AM UTC+5:30, Kevin Wurm#1 wrote:
>>
>> Hello everyone,
>>
>> I'm having a problem with one of my fc15 machines. First it started with
>> a file system error which I fixed with fsck. Once it came back up, the ssh
>> server wouldn't start at boot. Then I realized the client wasn't working either.
>> I get the following errors:
>>
>> ----------------------------------------
>> # service sshd start
>> Starting sshd (via systemctl): Job failed. See system logs and 'systemctl status' for details.
>> [FAILED]
>>
>> # systemctl status sshd.service
>> sshd.service - LSB: Start up the OpenSSH server daemon
>> Loaded: loaded (/etc/rc.d/init.d/sshd)
>> Active: failed since Sun, 29 Jan 2012 21:53:56 -0600; 4min 23s ago
>> Process: 3985 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
>> CGroup: name=systemd:/system/sshd.service
>>
>> $ ssh kedo9
>> Auto configuration failed
>> 3078813332:error:0E079065:configuration file routines:DEF_LOAD_BIO:missing equal sign:conf_def.c:362:line 1
>>
>> # cat /var/log/messages-20120129 | grep ssh
>> Jan 28 09:56:15 kedo15 systemd[1]: Unit sshd.service entered failed state.
>> Jan 28 09:56:19 kedo15 systemd[1]: sshd.service: control process exited, code=exited status=1
>> (There are multiple entries like this)
>> ----------------------------------------
>>
>> I've done the usual googling, and haven't found much. I have also un- and
>> re-installed. The sshd_config is now the default and still I have the same
>> issues. I'm not sure what file it means is missing a "missing equal sign".
>>
>> I will be grateful for any ideas you might have. I really don't want to
>> format this box.
>>
>> Thanks in advance,
>>
>> Kevin
>>
>> --
> --
> You received this message because you are subscribed to the Google Groups
> "NLUG" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/nlug-talk?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups
> "NLUG" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
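
Items 1 and 2 of the hardening list at the top of this thread can be checked mechanically. The following is an added example, not part of the original messages: a Python audit of sshd_config text for PasswordAuthentication and PermitRootLogin that honours sshd's first-value-wins rule and flags Match blocks that re-enable either setting. The sample config and the names `parse` and `audit` are constructed for illustration, and Include directives are not followed.

```python
import re

# Items 1 and 2 as sshd_config keywords (lower-cased) and the wanted values.
WANTED = {"passwordauthentication": "no", "permitrootlogin": "no"}

# Constructed sample: root login left unset, a Match block undoes item 1.
SAMPLE = """\
#PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes
Match Address 10.8.0.0/24
    PasswordAuthentication yes
"""

def parse(config_text):
    """Return (first global value per keyword, list of Match-block settings)."""
    global_first, match_settings, current_match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current_match = value             # later lines apply conditionally
        elif current_match is None:
            global_first.setdefault(keyword, value)   # first value wins
        else:
            match_settings.append((current_match, keyword, value))
    return global_first, match_settings

def audit(config_text):
    """List deviations from WANTED, globally and inside Match blocks."""
    global_first, match_settings = parse(config_text)
    findings = []
    for keyword, wanted in WANTED.items():
        value = global_first.get(keyword)
        if value is None:
            findings.append(f"{keyword}: not set, compiled-in default applies")
        elif value != wanted:
            findings.append(f"{keyword}: global value is '{value}', wanted '{wanted}'")
    for criteria, keyword, value in match_settings:
        if keyword in WANTED and value != WANTED[keyword]:
            findings.append(f"{keyword}: '{value}' inside Match {criteria}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, which also covers included files.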
